[php-maint] Bug#658208: [php5] README.Debian.security: "problems used by sloppy developers"

Filipus Klutiero chealer at gmail.com
Wed Feb 1 00:53:13 UTC 2012


Package: php5
Version: 5.3.9-1
Severity: minor

README.Debian.security contains:

> Most specifically, the security team will not provide
> support for flaws in:
>
> - problems which are not flaws in the design of php but can be problematic
>   when used by sloppy developers (for example: not checking the contents
>   of a tar file before extracting it, using unserialize() on
>   untrusted data, or relying on a specific value of short_open_tag). 

Sloppy developers do not use problems, although crackers may.
This is unclear and I frankly wouldn't know how to reformulate besides:
> - application code
But if that's what it means, then I don't think it's worth a mention at 
this place.




